Skip to content

E
edx-platform
Commit 8e33ec52 by Marko Jevtic
Options

Address comments

parent b44864b3
Showing with 18 additions and 20 deletions
openedx/core/lib/api/tests/test_permissions.py
...@@ -38,8 +38,8 @@ class IsCourseStaffInstructorTests(TestCase): ...@@ -38,8 +38,8 @@ class IsCourseStaffInstructorTests(TestCase):
def setUp(self): def setUp(self):
super(IsCourseStaffInstructorTests, self).setUp() super(IsCourseStaffInstructorTests, self).setUp()
self.permission = IsCourseStaffInstructor() self.permission = IsCourseStaffInstructor()
self.coach = UserFactory.create() self.coach = UserFactory()
self.user = UserFactory.create() self.user = UserFactory()
self.request = RequestFactory().get('/') self.request = RequestFactory().get('/')
self.request.user = self.user self.request.user = self.user
self.course_key = CourseKey.from_string('edx/test123/run') self.course_key = CourseKey.from_string('edx/test123/run')
...@@ -73,7 +73,7 @@ class IsMasterCourseStaffInstructorTests(TestCase): ...@@ -73,7 +73,7 @@ class IsMasterCourseStaffInstructorTests(TestCase):
super(IsMasterCourseStaffInstructorTests, self).setUp() super(IsMasterCourseStaffInstructorTests, self).setUp()
self.permission = IsMasterCourseStaffInstructor() self.permission = IsMasterCourseStaffInstructor()
master_course_id = 'edx/test123/run' master_course_id = 'edx/test123/run'
self.user = UserFactory.create() self.user = UserFactory()
self.get_request = RequestFactory().get('/?master_course_id={}'.format(master_course_id)) self.get_request = RequestFactory().get('/?master_course_id={}'.format(master_course_id))
self.get_request.user = self.user self.get_request.user = self.user
self.post_request = RequestFactory().post('/', data={'master_course_id': master_course_id}) self.post_request = RequestFactory().post('/', data={'master_course_id': master_course_id})
...@@ -134,45 +134,44 @@ class IsStaffOrOwnerTests(TestCase): ...@@ -134,45 +134,44 @@ class IsStaffOrOwnerTests(TestCase):
def test_staff_user(self): def test_staff_user(self):
""" Staff users should be permitted. """ """ Staff users should be permitted. """
user = UserFactory.create(is_staff=True) user = UserFactory(is_staff=True)
self.assert_user_has_object_permission(user, True) self.assert_user_has_object_permission(user, True)
def test_owner(self): def test_owner(self):
""" Owners should be permitted. """ """ Owners should be permitted. """
user = UserFactory.create() user = UserFactory()
self.obj.user = user self.obj.user = user
self.assert_user_has_object_permission(user, True) self.assert_user_has_object_permission(user, True)
def test_non_staff_test_non_owner_or_staff_user(self): def test_non_staff_test_non_owner_or_staff_user(self):
""" Non-staff and non-owner users should not be permitted. """ """ Non-staff and non-owner users should not be permitted. """
user = UserFactory.create() user = UserFactory()
self.assert_user_has_object_permission(user, False) self.assert_user_has_object_permission(user, False)
def test_has_permission_as_staff(self): def test_has_permission_as_staff(self):
""" Staff users always have permission. """ """ Staff users always have permission. """
self.request.user = UserFactory.create(is_staff=True) self.request.user = UserFactory(is_staff=True)
self.assertTrue(self.permission.has_permission(self.request, None)) self.assertTrue(self.permission.has_permission(self.request, None))
def test_has_permission_as_owner_with_get(self): def test_has_permission_as_owner_with_get(self):
""" Owners always have permission to make GET actions. """ """ Owners always have permission to make GET actions. """
user = UserFactory.create() user = UserFactory()
request = RequestFactory().get('/?username={}'.format(user.username)) request = RequestFactory().get('/?username={}'.format(user.username))
request.user = user request.user = user
self.assertTrue(self.permission.has_permission(request, None)) self.assertTrue(self.permission.has_permission(request, None))
def test_has_permission_with_view_kwargs_as_owner_with_get(self): def test_has_permission_with_view_kwargs_as_owner_with_get(self):
""" Owners always have permission to make GET actions. """ """ Owners always have permission to make GET actions. """
user = UserFactory.create() user = UserFactory()
request = RequestFactory().get('/') self.request.user = user
request.user = user
view = GenericAPIView() view = GenericAPIView()
view.kwargs = {'username': user.username} view.kwargs = {'username': user.username}
self.assertTrue(self.permission.has_permission(request, view)) self.assertTrue(self.permission.has_permission(self.request, view))
@ddt.data('patch', 'post', 'put') @ddt.data('patch', 'post', 'put')
def test_has_permission_as_owner_with_edit(self, action): def test_has_permission_as_owner_with_edit(self, action):
""" Owners always have permission to edit. """ """ Owners always have permission to edit. """
user = UserFactory.create() user = UserFactory()
data = {'username': user.username} data = {'username': user.username}
request = getattr(RequestFactory(), action)('/', data, format='json') request = getattr(RequestFactory(), action)('/', data, format='json')
...@@ -182,16 +181,15 @@ class IsStaffOrOwnerTests(TestCase): ...@@ -182,16 +181,15 @@ class IsStaffOrOwnerTests(TestCase):
def test_has_permission_as_non_owner(self): def test_has_permission_as_non_owner(self):
""" Non-owners should not have permission. """ """ Non-owners should not have permission. """
user = UserFactory.create() user = UserFactory()
request = RequestFactory().get('/?username={}'.format(user.username)) request = RequestFactory().get('/?username={}'.format(user.username))
request.user = UserFactory.create() request.user = UserFactory()
self.assertFalse(self.permission.has_permission(request, None)) self.assertFalse(self.permission.has_permission(request, None))
def test_has_permission_with_view_kwargs_as_non_owner(self): def test_has_permission_with_view_kwargs_as_non_owner(self):
""" Non-owners should not have permission. """ """ Non-owners should not have permission. """
user = UserFactory.create() user = UserFactory()
request = RequestFactory().get('/') self.request.user = user
request.user = user
view = GenericAPIView() view = GenericAPIView()
view.kwargs = {'username': UserFactory.create().username} view.kwargs = {'username': UserFactory().username}
self.assertFalse(self.permission.has_permission(request, view)) self.assertFalse(self.permission.has_permission(self.request, view))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment